GartnerSEC: people-centric IT practices encouraged
BYOD is now turning into CYOD - "Choose Your Own Device"
Gartner analyst Dionisio Zumerle spoke at this morning's Gartner Security & Risk Management Summit about the state of mobile security, focusing on the idea that IT security needs to move to ‘people-centric’ security practices when it comes to managing mobile devices in the enterprise.
Zumerle said: “All too often it's a case of ‘them against us’, rather we need to become enablers within the enterprise. We need to take the path of least resistance and encourage the use of the best tools available.”
He continued: “Users want to be able to work with agility and simplicity and will find a way to do that if you don't give it to them. This is the reason why IT security departments are often seen as a hindrance, as they often ask for eavesdropping abilities and make the process of adopting new software and devices much too complex.”
According to Zumerle, there has been a large rise in shadow IT development, where people are now making the right tools for themselves to do the job. He argued that this too is a positive thing, as long as it is properly managed by IT with Git accounts, and the developers are using company-approved frameworks for their development.
However, Zumerle advised that users need to start being held accountable. He pointed out that governance is not possible when IT cannot control processes. For this to happen, he said, we need to promote a culture of individual responsibility for business processes, encourage self-testing security tools and develop people-centric security planning decisions and consequences.
When it comes to physical tech, Zumerle said that Gartner estimates that mobile technology has at most a three-year life cycle, and advises people not to overcommit.
A good example of this is the demand for iOS devices in the enterprise: according to Zumerle, enterprises like the OS because of its ability to provide consistency for remote wipes to protect company data.
Likewise, authentication technology is being encouraged, whether TouchID or the Note 7's iris scanner. This follows in the footsteps of the financial sector – Zumerle says Gartner is predicting the imminent death of the password because of the rise in use of these kinds of technologies.
These sorts of technologies, according to Zumerle, provide a huge amount of analytics which are able to identify tiny changes in user behaviour – for example, if a user is zooming into a photo in a way they usually don't or if they are typing with the phone in a different orientation.
Finally, Zumerle concluded by saying, “data is the grand prize” in our modern workplace. And because of this, data loss by device loss is a much bigger risk than mobile malware in the enterprise. The malware issue, according to Zumerle, is far larger in the commercial sector. He said, “We are way past device-centric security, and are now well into information-centric security.”